Website Access Parental Management

ABSTRACT

Website access parental management techniques block a user device from accessing websites and permit access to a particular website if the received identification of the user device corresponds to a particular registered protected user identification in the records and the particular website corresponds to an approved website identified in a profile of the user. New websites can be approved by administrators and such approval can result in the approved websites being included in the approved website list of the user profile. Secondary administrators with different authorization rights and different approved website lists can be designated to manage the same or different registered protected users.

TECHNICAL FIELD

The present invention relates to internet access management and, moreparticularly but not exclusively, to website access parental management.

BACKGROUND

The internet is now part of the daily lives of both adults and childrenin the developed world. Children now use the internet in a variety ofschool and play environments including their own homes, homes of friendsor relatives, schools, libraries, recreational parks, etc. Children goonline to access information for the purpose of learning as well as foractivities that are not related to educational activities. The absenceof filters and any review process can result in children being exposedto controversial information. Mechanisms exist to try to stop computersfrom automatically accessing websites and downloading information. Themany different environments in which a child may access the internet andthe easy accessibility to online content pose a challenge to parentswishing to control, in a balanced way, children's exposure toinappropriate internet content.

There is a need to provide improved website access control for parentsthat can manage the ever increasing use of the internet by children indifferent environments.

SUMMARY

According to one aspect, there is provided a method ofcomputer-implemented parental website access management. The method maycomprise; blocking a user device from accessing websites; receiving, inthe user device, identification of a user; accessing, in memory, recordsof at least one registered protected user; comparing the received useridentification to registered protected user identification in theaccessed records; blocking user device website access to any websites inresponse to determining the received user identification does notcorrespond to a registered protected user identification in the records;and in response to determining the received user identificationcorresponds to a particular registered protected user identification inthe records, permitting the user device to access at least one websitecorresponding to at least one approved website identified in records ofthe particular registered protected user.

By permitting the user device to access websites that only correspond toapproved websites identified in records of a particular registeredprotected user in response to verifying, from the received useridentification and user records, that the received user identificationcorresponds to the particular registered protected user identificationin the records, parents can be reassured that access to websites via auser device is limited to the websites pre-approved for that particularregistered protected user. In this manner, individual specific websitescan be pre-approved by parents according to what is appropriate for eachparticular child.

According to yet another aspect, there is provided an apparatus forwebsite access parental management. The apparatus may comprise: aprocessor operably connectable to at least one user device; a data buscoupled to the processor; and a computer usable medium embodyingcomputer program code, the computer usable medium being coupled to thedata bus; and the computer program code comprising instructionsexecutable by the processor and configured to: block a user device fromaccessing websites; receive, from the user device, an instruction toaccess a particular website; receive, from the user device,identification of a user; access, in memory, records of at least oneregistered protected user; compare the received user identification toregistered protected user identification in the accessed records; blockthe user device website access to any websites if the received useridentification does not correspond to a registered protected useridentification in the records; if the received user identificationcorresponds to the particular registered protected user identificationin the records, permit the user device to access the particular websitecorresponding to an approved website identified in the records of theparticular registered protected user.

According to another aspect, there is provided a computer-readablemedium for website access parental management, the computer-readablemedium embodying computer program code, the computer program codecomprising computer executable instructions configured for: blocking auser device from accessing any websites; receiving, in the user device,identification of a user; accessing, in memory, records of at least oneregistered protected user; comparing the received user identification toregistered protected user identification in the accessed records;blocking the user device access to websites if the received useridentification does not correspond to a particular registered protecteduser identification in the records; permitting the user device to accessat least one website corresponding to at least one approved websiteidentified in records of a particular registered protected if thereceived user identification and corresponds to the particularregistered protected user identification in the records.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the present invention may be more readily understood,reference will now be made to the accompanying drawings, in which:

FIG. 1 is schematic of a data processing environment for implementingmethods of website access parental management according to embodiments;

FIG. 2 is a schematic of an exemplary website access parental managementpackage for implementing parental management methods according toembodiments;

FIG. 3 illustrates an exemplary protected user profile interfacegenerated by the parental management package of FIG. 2 according to oneembodiment;

FIG. 4 illustrates an exemplary administration user interface generatedby the parental management package of FIG. 2 according to oneembodiment;

FIG. 5 illustrates a secondary administration user interface generatedby the parental management package of FIG. 2 according to oneembodiment;

FIG. 6 is a flow chart illustrating an exemplary method of websiteaccess parental management implemented in the computer data processingenvironment of FIG. 1 according to one embodiment;

FIG. 7 is a flow chart illustrating an exemplary method of websiteaccess parental management implemented in the computer data processingenvironment of FIG. 1 according to one embodiment;

FIG. 8 is a flow chart illustrating an exemplary method of websiteaccess parental management implemented in the computer data processingenvironment of FIG. 1 according to one embodiment;

FIG. 9 is a flow chart illustrating an exemplary method of websiteaccess parental management implemented in the computer data processingenvironment of FIG. 1 according to one embodiment; and

FIG. 10 is a flow chart illustrating an exemplary method of websiteaccess parental management implemented in the computer data processingenvironment of FIG. 1 according to one embodiment.

DETAILED DESCRIPTION

In the following description, for purposes of explanation and notlimitation, specific details are set forth, such as particularembodiments, procedures, techniques, etc. in order to provide a thoroughunderstanding of the present invention. However, it will be apparent toone skilled in the art that the present invention may be practiced inother embodiments that depart from these specific details.

Methods and apparatus for website access parental management accordingto the embodiments described herein can be implemented in any type ofcomputer or data processing environment having a processor and a userinterface, operatively connected or connectable to the processor. Theprocessor can be coupled to a computer usable medium embodying computerprogram code via a data bus. The computer program code comprisesinstructions executable by the processor and configured to implement awebsite access management device according to the embodiments describedherein.

Technical features described in this application can be used toconstruct various embodiments of website access parental managementtechniques. According to one approach, there is provided a method ofcomputer-implemented website access parental management which enablesuser devices to access only those websites that correspond topre-approved websites identified in records of a particular registeredprotected user that has been identified as the user of the user device.The term “user device website access” is utilized herein to mean a userdevice having website access to the extent that the website is displayedfor viewing by the end user. Similarly, the term “access a website”,“accessing a website” etc. means access/accessing a website to theextent that the website is viewable on a user device. The term “blockingwebsite access” means blocking the capability of viewing the website. Inaddition to blocking a user device from connecting to a website serveretc., it will be appreciated that it is possible to connect to a websiteover the internet but yet block the user device from displaying thewebsite to the extent that a user cannot view the website on the userdevice, i.e. the user device cannot access the website even though theuserdevice may be connected to the website.

According to another approach, a primary or secondary administrator isprompted to approve access to a particular website that has not beenpre-approved. Such approval can result in the approved website beingincluded in the approved website list of the user profile of theparticular registered protected user. One or more secondaryadministrators may be designated with authorization rights that enablethe secondary administrator to decide whether to authorize a particularregistered protected user access to a website that corresponds to awebsite included in the secondary administrators own pre-approvedwebsite list. Secondary administrators with different authorizationrights and different approved website lists can be designated to managethe same or different registered protected users.

A non-limiting example of the hardware of a data processing system forimplementing methods and apparatus of the embodiments will now bedescribed. The data processing system is, by way of example, implementedin a user device 9, such as a desktop or laptop computer havingconfiguration shown in FIG. 1. In other examples, user device 9 may be aserver, personal computer, pda phone, notebook, tabletsmartphone orother device or a plurality of devices interconnected over a network.User device 9 has a central processor unit (CPU) or other processor 10,operable to execute a program under control of program software providedin memory 16, such as random access memory (RAM), and also in a storagememory 11 such as a disc drive. The storage memory 11 and the memory 16are also available to the processor unit 10 for temporary or permanentstorage of results and data. A network interface 17 is coupled to theprocessor unit 10 and permits communication between the processor unit10 and local and/or external network devices over the internet 19.

The processor unit 10 is coupled to receive input from one or more inputdevices that may be, but not limited to, a pointing device 14 such as amouse, pad or touch screen; and a text input device 13 such as akeyboard or touch screen. Other input devices capable of receiving humanentered input selections for operating the website access managementuser interfaces can be adopted in addition or in place of devices 13,14. The processor unit 10 also drives a display 15 that displays imagesand provides sounds as controlled and provided by the processor unit 10.Processor unit 10 can be any type or processer that is configurable torun the website access parental management computer program code. Whilstin the example of FIG. 1 the processor unit 10 for processing thewebsite access management application is included in the user device 9,in other non-limiting examples, the processor can be located in aserver, personal computer, smartphone, notebook, tablet smartphone orother device.

The processor can be operatively connected or connectable locally todisplay device 15 or remotely via any suitable remote or local network.Whilst in FIG. 1, display device 15 is included in the user device 9,any type of local or remote display device can be adopted which isconfigured to render for viewing by a human user the user interfacesgenerated by the website access parental management application.

Also included in the user device 9 is iris and/or face scan recognitiondevice 18 which is configured to scan the iris and/or face of each userof the device and identify the user from scan and user iris and/or facedata pre-stored in the user profile.

The data processing system, as described in relation to FIG. 1, can alsobe split and disseminated in several parts or network clouds. All thatis required, for the embodiments, is that a system can be providedcapable of providing the website access parental managementfunctionality of any one or more examples as described hereafter.

Attention is next drawn to FIG. 2, an exemplary block diagramillustrating the computer software system for directing the operation ofthe data processing systems of the embodiments. The software system hasa parental website access management application module 21, which isstored in system storage/memory. The software system can include akernel or operating system and a shell or interface. One or moreapplication programs or modules, such as the parental managementapplication software, may be “loaded” (i.e., transferred from storageinto memory for execution by the processor. The system receives usercommands and data through user interface; these inputs may then be actedupon by the user device 9 or other data-processing apparatus inaccordance with instructions from operating module and/or applicationmodule.

Note that the term “module” as utilized herein may refer to a collectionof routines and data structures that perform a particular task orimplements a particular abstract data type. Modules may be composed oftwo parts: an interface, which lists the constants, data types,variable, and routines that can be accessed by other modules orroutines; and an implementation, which is typically private (accessibleonly to that module) and which includes source code that actuallyimplements the routines in the module. The term “module” may also simplyrefer to an application such as a computer program design to assist inthe performance of a specific task.

The processor unit 10 is organized and driven by operating system 20that, together with the rest of the computer, runs parental websiteaccess management software module 21. Operating system 20 also runs userinterface software 23 that, when required, implements the user interfacedevice of display 15 to allow interaction with website access parentalmanagement software module 21, internet sites and integral devices suchas the pointing device 14, the text input device 13, and with any datainput and output sockets.

Application module 21 can include instructions such as the variousoperations described herein. More specifically, in one example as shownin FIG. 2, application module 21 can include a user profile manager 311,an administration manager 312, authentication manager 313, websiteaccess manager 314 and shut down manager 315. As will be explained inmore detail below with reference to non-limiting examples, user profilemanger module 311 is configured to control, in response to receivinguser device inputs, registration of “protected users”, i.e. children tobe protected from viewing inappropriate website content, and generateprotected user profiles. Administration manager 312 is configured to setand control, in response to receiving user device inputs, variousadministration operations, such as, assigning particular administratorsand administration settings to particular registered protected users,designating administrators as primary or secondary administrators,defining particular administrator settings etc. The authenticationmanager 313 is configured to control authentication operations, such as,for example, controlling authentication of a particular user of the userdevice 9. The website access manager 314 is configured to control theuser device 9 access to the internet and websites and block or allowaccess according to receiving instructions from the other modules oruser inputs.

Software system can include databases, libraries and other indexable orsearchable data storage systems for storing data including, for example,user profile data, administration data and authentication data. Suchdatabases and other storage system can be stored in storage/memory whichcan be located locally or remotely from the processor. In the example ofFIG. 2, the software system also includes storage systems 316 and317which are user databases, libraries and/or other storage systems thatstore data associated with the system. Registered user storage system316 stores data associated with registered protected users of thesystem. Administrator storage system 317 stores data associated withregistered administrators of the system. Whilst the user storage systems316 and 317 are shown as individual storage, as part of the websiteaccess parental management package, they may be implemented as onestorage system. Furthermore, one or both storage systems may beimplemented separated from the package either locally or remotely.

User interface module 23, which is, for example, a graphical userinterface (GUI) module, also serves to display results on the displaydevice, whereupon the user may supply additional inputs or, for example,terminate a given session.

In various other embodiments, the application module 21 can beimplemented as a client, as a server, or both a client and server. Forserver environments, the network on which the server is connected is,for example, the Internet, but equally can be any one of, combinationof, or interconnection of, but not restricted to: a local area network(LAN); a wide area network (WAN): a home network; and a wireless networktelecommunications.

Turning to the user profile manager 311 in more detail, user profilemanager 311 is configured to generate and cause rendering of protecteduser interfaces to enable registering and management of protected userdata. The user data may be entered and stored from another user deviceor received via the protected user interface. Examples of stored userdata are protected user login details for logging into the system asregistered protected user, protected user personal details, protecteduser management settings including but not limited to website addresslists of websites that each registered protected user is pre-approved toaccess and download without any further approval from an administrator,website specific or universal re-authentication and/or website accesstime data, and user device shut down time data.

By way of example FIG. 3 is an exemplary screen shot of a registeredprotected user profile interface 400 showing the website accessmanagement settings for a registered protected user according to oneembodiment. The exemplary user profile interface 400 includes an exampleof a pre-approved website list 401, website specific re-authenticationtimes 402, and user device shut down time 403 for a particularregistered protected user logged into the website access managementpackage. Note that only particular data that an administrator hasapproved for manipulation by the protected user is configurable via theprotected user interface. Other data including management settings, suchas the web access management settings, are configurable via theadministrator user interface and are not configurable via the protecteduser profile interface 400.

Turning now in more detail to administrator manager 312, administrativemanager 312 is configured to control, in response to receiving userinstructions, user device 9 registration and designation of primary andsecondary administrators. Each primary administrator is, for example, aparent of a child and has universal authority for managing website anduser device access by one or more particular protected users (e.g. oneor more children) Secondary administrators may have different levels ofauthorization rights and each secondary administrator may have adifferent authorization management level for a different registeredprotected user. Examples of authorization rights are: authorization tomanage access to particular websites, authorization to set websitespecific and universal re-authentication times, authorization to setshut down time. Secondary administrators may be, for example, any one orcombination of older siblings, grandmothers and child carers.

Administrative manager 312 is also configured to manage administrativefunctionality of the system and administrator records contained in theadministration storage system 317 including profile information for theone or more primary and secondary administrators. Examples of suchprofile information include administration login details for accessingthe website access control system and data reflecting the primary andsecondary administrators authority to manage particular protected usersattempting to access websites. By way of example, FIG. 4 is a screenshot of a primary administrator user interface 500 with managementoverview selected. Secondary administrator authority window 501 andprotected user administration window 502 are shown. Secondaryadministrator authority window 501 includes names of secondaryadministrators together with levels of authority for website access,re-authentication and shut down management assigned to each secondaryadministrator. Protected user administration window 502 shows the levelof administrator (primary, secondary, none) controlling website access,re-authentication time, and shut down time assigned to each particularprotected user.

A primary administrator, such as a parent, logged into the system canutilize the primary administrator user interface 500 to designate aparticular primary or secondary administrator as manager of a particularprotected use. Different secondary administrators can be designated tomanage different and/or the same respective registered protected users.The level of authority (universal, limited, none) for managing websiteaccess, re-authentication time, and shut down time, via the useradministrator interface is also configurable via the primaryadministrator user interface 500 for each particular secondaryadministrator. “Universal” refers to the secondary administrator havingauthorization rights to manage website access, re-authentication times,and shut down time parameters. “Limited” refers to the secondaryadministrator having authorization rights to manage some of theseparameters. “None” refers to the secondary administration having noauthorization rights to manage these parameters but has access tomanagement view etc. to view administrator settings etc. Note that wherea secondary administrator is authorized to perform website accessmanagement, (has universal or limited authorization), the secondaryadministrator cannot authorize a protected user to access a websiteunless that website is on the website list that the secondaryadministrator is pre-approved by the primary administrator (parent) toview and authorize access thereto. The list of website address that aparticular secondary administrator is authorized to manage access for isconfigurable via the primary administrator user interface 500. Thus, theauthorization rights including pre-approved websites can be customizedfor a particular secondary administrator and that secondaryadministrator assigned to manage a particular registered protected user.

By way of example, FIG. 5 is an exemplary screen shot of a secondaryadministrator user interface 600 according to one embodiment. Secondaryadministrator user interface 600 includes a secondary user interfacewindow 601 and protected user settings window 602. Secondary userinterface window 601, in this example, shows the logged in secondaryadministrator 1 has been assigned limited website access managementauthority by a primary administrator for managing User 1. As alreadymentioned, limited access management authority means that the secondaryadministrator has authority to manage some but not all of the followingparameters: website access, re-authentication time and shut down time.In the example of FIG. 5, the secondary administrator 1 has authority tomanage the following: website access, and shut down time but notre-authorization time (see window 601). As can be seen from window 501,secondary administrator 1 has been assigned to manage user 1 but notuser 2 or user 3.

Secondary administrator 2 with customized authorization rights has beenassigned to manage user 3. A primary administrator has been assigned touser 2. For the purpose of website access management, secondary userinterface window 601 includes the list of website addresses of websiteswhich the secondary administrator 1 is authorized, if the secondaryadministrator sees fit, to approve access for protected user 1 and, ifappropriate, include in the pre-approved website list of the protecteduser profile. Protected user administration interface window 502provides an overview of the management level relating to website access,re-authentication time and shut down time for each particular protecteduser. Secondary administrator interface window 602 allows a secondaryadministrator to easily determine the protected user settings.

Authentication manager 313 is configured to control the user device toobtain, via the user interface, authentication of the particular user ofthe user device. Authentication is implemented by the authenticationmanager each time an input is received in the user device indicating aprotected user or administrator is seeking to initiate a new session toaccess the user device. Authentication is further implemented by theauthentication manage module according to the website access controlsettings of a particular registered protected user logged into the userdevice, as will be explained in more detail below.

Authentication may be implemented in different ways. In one example,authentication is implemented by iris and/or face recognition device 18scanning the user and comparing scanned information with pre-storedprofile information for a user. In another example, authentication maybe implemented via a login user interface of the user device andcomparing a user name and password received via the user interface topre-stored login information for a user.

Methods of website access parental management according to embodimentswill now be described with reference to the website access parentalmanagement system of FIGS. 1 to 5. It is assumed here that prior toimplementing the following methods, the website access parentalmanagement package 21 is running on user device 9, primary administratorinformation for each parent, secondary administrator information foreach sibling, grandparent and/or child caregiver, and protected userinformation for each child to be protected has been inputted into thesystem and the primary administrator, secondary administrator, andregistered protected user accounts set up as described hereinbefore withreference to FIGS. 1 to 5.

FIG. 6 is a flow chart outlining a method of website access parentalmanagement according to one embodiment. Method 700 initiates by the webaccess manager module blocking the user device from accessing anywebsites (701) e.g. by blocking the user device from connecting towebsite addresses or blocking the user device from displaying thewebsite for viewing by a user. An exception to this is where the websiteaccess parental management is running on a webserver and must beaccessed by the user devices via a website in order for the websiteaccess parental management to be implemented on the user device. In sucha case, the user device has access to the website access parentalmanagement website. A user instruction is received to access a website(702). In this example, a child user enters an instruction into the userdevice to access a particular website they wish to view. Authenticationmanager generates a prompt on the user device requesting a useridentification (703). The user device receives identification input bythe iris/facial recognition system automatically scanning the eye and/orface of the child user. Alternatively, authentication manger causes theuser device to display a user login page or window on the user interfacein response to receiving an input through the user interface and logininputs are received in response to the child entering login details. Inresponse to receiving a user identification (704), the authenticationmanager accesses the records in memory (705) and looks for a registeredprotected user identification (ID) in the records corresponding to thereceived identification (706). If a match between the received ID and aregistered protected user ID in the records is not found, the websiteaccess manager continues to block the user device from accessing theinternet (707).

If a match between the received ID and a registered protected user ID isfound (706), i.e. the received ID is the ID of child registered as aprotected user, the protected user (child) is logged in to theapplication module 21 and the process continues as follows. The websiteaccess manager looks to the user data records to determine if thewebsite the protected user child is seeking to access matches anapproved website listed in their user profile (708) for example bycomparing website IP addresses. If a match between the website and anapproved website listed in the user profile is found, the website accessmanager causes the user device to access the website so that the websiteis provided on the display of the user device for viewing andmanipulation by the protected user (710). If no match is found, thewebsite access manager continues to block the user device from accessingthe website (709).

Method 700 ensures that the user device accesses only those websitesthat correspond to pre-approved websites identified in records of aparticular registered protected user that has been identified as theuser of the user device. A parent registered as the primaryadministrator can login to the application software via the userinterface and approve a list of websites associated with a particularchild registered as a protected user and, with the application softwarerunning on the user device, ensure that the software application onlyallows the child to access the websites in the approved list of theiruser profile.

A method of controlling the amount of user device access to the internetaccording to one embodiment will now be described. Let us assume by wayof example that process 700 has been performed and the website accessmanager is allowing the user device (and therefore the child user) toaccess the website received via the user interface (710). Method 800 ofFIG. 7 is one example of a method of controlling the amount of userdevice access to the website. The website access manager accesses thestored record data in memory (801) and, from the user profile of theparticular registered protected user logged in to the system (the childuser), looks up a specific website access time limit that has been setfor that particular website (802) (website specific access time limitsmay also correspond to re-authentication times, such as for exampleshown in FIG.3). Note that the individual website access times may beset in the user profile by the administrator on a website by websitebasis or a universal website access time may be set for all pre-approvedsites.

Website access manager then determines from the user device hardware theamount of time the user device is accessing the website and comparesthat time to the website access time limit for that specific website(803). In response to determining that the amount of time that the userdevice is accessing the website has not reached the specific websiteaccess time limit, the website access manager continues to allow theuser device to access the website (804). Thus, in this example, thechild user can utilize the user device to continue to access and viewcontent in the website. In response to determining that the amount oftime that the user device is accessing the website reaches the websiteaccess time limit, the website access manager blocks the user devicefrom further accessing the website (805).

Thus, the user device has run out of the approved time for accessing thewebsite and re-authentication of the child user is necessary to utilizethe user device to view the site again. To this end, authenticationmanager proceeds to cause the user device to generate a prompt on thedisplay to enter user identification (806). In response to receiving auser identification in the user device (807), the authentication managerlooks to the stored record data to match the received useridentification to the previously logged in protected user (808, 809). Ifa match is found (i.e. the received ID is from same the child user), thewebsite access manager causes the user device to continue accessing thewebsite. If a match is not found, the website access manager causes theuser device to block further access to the website (804).

In other examples, re-authentication may be turned off for a particularprotected user, in that case, method 800 finishes at process 805. Thiswould then limit the amount of time a protected user can access aspecific website to the website specific access time stored in the userprofile. The child user's viewing time would therefore be limitedaccording to their user profile settings set by the administrator.Conveniently, the application module can be utilized to manage theamount of time the child can view website content according to thespecific website being viewed. For example, the parent may, for example,set a short website access time in the child's user profile for viewinga video game website, but set a longer website access time for viewing achildren's movie website.

A method of approving user device access to the internet according toone embodiment will now be described with reference to the exemplarymethod 900 of FIG. 8. Let us assume by way of example that process 700has been performed and the website access manager is continuing to blockthe user device from accessing the website because the website the childuser is seeking to access is not found in the pre-approved website listin the child user profile (709 of FIG.6). Initially, the website accessmanager triggers the authentication manager to cause the user device togenerate a request prompt on the user device interface (901). Thegenerated request prompt requests an administrator, in this example theparent of the child user, to approve the child user access to thewebsite that the user device is currently blocked from accessing withthe child user logged in. For example, the authentication manger causesthe user device to display a user administrator login page or window onthe user interface.

An identification is received via the user device interface (902). Theauthentication manager accesses records in memory (903). If the user IDdoes not correspond to a registered administrator (904), the websiteaccess manager continues to cause the user device to block access to thewebsite (905). If the user ID does correspond to an ID of a registeredadministrator, the authentication manager determines whether theadministrator is authorized to approve the protected user access to thewebsite. To this end, the authentication manager looks at the records inmemory to determine whether the administrator is so authorized (905).

There are different ways the authentication manager can determinewhether the abstract is so authorized. For example, the particularregistered protected user profile may have administrator IDs associatedtherewith that correspond to the administrator(s) that are permitted toapprove the particular registered protected user access to one or moreparticular websites. The authentication manager can look to theprotected user profile and determine if the administrator ID is listedin the protected user profile. In another example, each administratorsprofile can list the particular registered protected user IDs that theadministrator is permitted to approve for accessing websites.

In the event that the authentication manager determines that theadministrator ID is not associated with an administrator that isauthorized to approve the particular protected user's access to thewebsite (904), the website access manager causes the user device tocontinue blocking website access (905).

In the event that the authentication manager determines that theadministrator ID is associated with an administrator that is authorizedto approve the particular protected user's access to the website (906),the address or other identifier of the website is added to the approvedwebsite list in the protected user profile (909) provided that a websiteaccess approval input is received in the user device (908) as a resultof the administrator deeming that the website is appropriate for viewingby the protected user. The process then continues. For example, as shownin FIG. 8, the process can then jump to the method 700 and the processof generating a prompt for a protected user identification (702) canfollow. The package will cause the user device to access the particularwebsite once the protected user has logged in as a result of the websitenow being in the protected user's profile. Alternatively, the packagecan be set to automatically relogin the protected user and continuethrough to the process 710 of causing the user device to access anddownload the website.

A method of approving user device access to the internet according toyet another embodiment will now be described with reference to theexemplary method 1000 of FIG. 9. Again, let us assume by way of examplethat process 700 has been performed and the website access manager iscontinuing to block the user device from accessing the website becausethe website the child user is seeking to access is not found in thepre-approved website list in the child user profile (709 of FIG.6).Initially, the website access manager triggers the authenticationmanager to cause the user device to generate a request prompt on theuser device interface (1001). The generated prompt requests anadministrator approve the protected user access to the website that theuser device is currently blocked from accessing with the protected userlogged in. For example, the authentication manger causes the user deviceto display a user administrator login page or window on the userinterface. An identification is received via the user device interface(1002). The authentication manager accesses records in memory (1003). Ifthe user ID does not correspond to a registered administrator ID (1004),the website access manager continues to cause the user device to blockaccess to the website (1005).

If the user ID does correspond to an ID of a registered administrator,the authentication manager determines whether the particularadministrator ID is a primary or secondary administrator ID (1006). Ifthe administrator ID is a primary administrator ID, i.e. theadministrator utilizing the user device is a primary administrator suchas a parent etc., the process renders a website approval user interfaceon the user device and waits to receive a website approval input (1007).If the approval input is received, the address of the website theprotected user is seeking to access is added to the protected userprofile (1008) and the process continues to point C of FIG. 7. If noapproval is received, user device continues to block website access(1005). In one example, the website approval user interface isconfigured to enable the primary administrator to approve the websiteaccess and to select whether to add the particular website to theprotected user profile. In such a case, process (1008) may be omittedwhere there is a selection not to add the website to the list.

If the administrator ID is a secondary administrator (i.e. theadministrator utilizing the user device is a secondary administratordesignated to manage the particular registered protected user, such asan older sibling, grandparent or child caregiver rather than a primaryadministrator (i.e. parent)), the authentication manager then looks tothe approved website list in the secondary administrator profile (1010and 1011 see FIG. 10) to determine whether the particular website thatthe protected user wishes to access has an address that matches anaddress on the approved website list in the secondary administratorprofile. If there is no match, the website access manager causes theuser device to continue blocking access to the website (1012). If thereis such a match, the authentication manager generates on the userinterface a prompt to approve website access.

If no approval of the website is received, the user device continues toblock access (1012). In response to receiving via the user interface awebsite access approval input from the logged in secondary administrator(1013), the authentication manager adds the address or other identifierof the particular website to the approved list in the user profile ofthe protected user (1014) and the process continues. For example, asshown in FIG. 9, the process may jump to the method 700 and the processof generating a prompt for a protected user identification (702) mayfollow. The package will cause the user device to access the particularwebsite once the protected user has logged in as a result of the websitenow being in the protected user's profile. Alternatively, the packagemay be set to automatically relogin the protected user and continuethrough to the process 710 of causing the user device to access anddownload the website. In one example, the website approval userinterface is configured to enable the secondary administrator to approvethe website access as well as to determine whether to add the particularwebsite to the protected user profile. In such a case, process (1008) isomitted where there is a selection not to add the particular websiteaddress or other identifier. Also, the secondary administratorauthorization rights may be configured such that the secondaryadministrator may or may not have this ability to make such a selectionof whether to add the website to the user profile list.

Method 1000 allows a particular secondary administrator to authorize oneor more particular registered protected users access to a website thatcorresponds to a website in the secondary administrators own approvedwebsite list. Secondary administrators with different authorizationrights and different approved website lists may be designated to managethe same or different registered protected users. In this manner,parents can use the software application not only to selectively controlwebsite access and access time to individual particular websites foreach particular child, but can also selectively control the ability ofeach secondary administrator to authorize website access and/or accesstime for each particular child according to each secondaryadministrators own pre-approved settings. This means that the parent canuse the system to delegate limited responsibility to other users, suchas siblings, grandparents and baby sitters (registered as secondaryadministrators), to approve access according to their own approvedwebsite lists. Thus, in such situations, an older sibling, childcaregiver, etc. has the ability to decide whether websites that they arethemselves pre-approved to access by a parent or other adult aresuitable for access by a child and to approve them accordingly.

Such secondary administration enables parents to maintain control tosome extent of a child's exposure to inappropriate internet content indifferent environments where the parent is not present by ensuring that,in the worst case scenario, the child will only be approved to accessthose websites that have been deemed appropriate for the secondaryadministrator older sibling, grandparent, baby sitter, etc., and notjust any website content. This is practical because there are situationsin which parents may not want the older sibling, child caregiver, etc.to have primary administrator rights but may want them to give them atleast some control over approving the child's access to new websites.Since an older sibling, baby sitter, etc. is likely to have a moreextensive list of websites approved by the parent or another adult thanfor a younger child, the software module effectively enables theprotected child user, with the approval of the younger child or otherchild caregiver, to access some new websites even when the parent is notpresent to approve them.

The embodiments and examples set forth herein are presented to bestexplain the present invention and its practical application and tothereby enable those skilled in the art to make and utilize theinvention. Those skilled in the art, however, will recognize that theforegoing description and examples have been presented for the purposeof illustration and example only. Other variations and modifications ofthe present invention will be apparent to those of skill in the art, andit is the intent of the appended claims that such variations andmodifications be covered.

What is claimed is:
 1. A computer-implemented website access managementmethod for parental control, comprising: blocking a user device fromaccessing websites; receiving, in the user device, identification of auser; accessing, in memory, records of at least one registered protecteduser; comparing the received user identification to at least oneregistered protected user identification in the accessed records;blocking the user device website access in response to determining saidreceived user identification does not correspond to a registeredprotected user identification in said accessed records; and in responseto verifying the received user identification corresponds to aparticular registered protected user identification in said accessedrecords; permitting said user device to access at least one websitecorresponding to at least one approved website identified in saidrecords of the particular registered protected user.
 2. The method ofclaim 1, further comprising in response to receiving an instruction toaccess a particular website; verifying, from said accessed records andan identity of the particular website, said particular websitecorresponds to an approved website identified in the accessed records ofsaid particular registered protected user; and accessing, using saiduser device, the particular website corresponding to the approvedwebsite.
 3. The method of claim 1, further comprising in response toreceiving an instruction to access a particular website; verifying, fromsaid accessed records and an identity of the particular website, saidparticular website does not correspond to an approved website identifiedin the accessed records of said particular registered protected user;generating a prompt on said user device requesting an administrator toapprove, for the particular registered protected user, user deviceaccess to the particular website; receiving, in the user device, anotheruser identification, verifying, from the received another useridentification and administrator records, said another useridentification corresponds to identification in said administratorrecords of a particular registered administrator with authorization toapprove, for the particular registered protected user, user deviceaccess to the particular website; and in response to verifying saidanother user identification corresponds to said identification of saidparticular registered administrator, permitting the user device accessto the particular website in response to receiving in said user devicean input approving said particular website.
 4. The method of claim 3, inresponse to receiving said user device approval input, modifying inmemory the accessed records of said registered protected user to includethe identity of the particular website as an approved website that theregistered protected user is permitted to access.
 5. The method of claim1, wherein permitting the user device to access a website correspondingto an approved website further comprises determining from said accessedrecords of the particular registered protected user a pre-approvedaccess time period for accessing the approved website; and permittingthe user device to access the approved website for said access timeperiod.
 6. The method of claim 5, further comprising followingexpiration of said approved access time period, blocking said userdevice from further accessing said particular website.
 7. The method ofclaim 6, further comprising generating a prompt on said user devicerequesting entry of a user identification for further website access;receiving the user identification; and permitting the user device tocontinue accessing the particular website if the received useridentification corresponds to the particular registered protected useridentification in said accessed records.
 8. The method of claim 3,wherein verifying said another user identification corresponds toidentification in said records of said particular registeredadministrator includes: verifying said registered protected user recordsand/or administrator records include a protected user specificauthorization for said particular secondary administrator to manage saidparticular registered protected user; and verifying the particularwebsite corresponds to an approved website identified in records of theparticular registered secondary administrator.
 9. The method of claim 1,wherein receiving, in the user device, identification of a user furthercomprises scanning an iris and/or face of the user utilizing an irisand/or face recognition device.
 10. An apparatus for website accessparental management, said apparatus comprising: a processor operablyconnectable to at least one user device; a data bus coupled to saidprocessor; a computer readable medium embodying computer program code,said computer readable medium being coupled to said data bus; and saidcomputer program code comprising instructions executable by saidprocessor and configured to: block a user device from accessingwebsites; receive, from the user device, an instruction to access aparticular website; receive, from the user device, identification of auser; access, in memory, records of at least one registered protecteduser; compare the received user identification to the registeredprotected user identification in said accessed records; block the userdevice website access if said received user identification does notcorrespond to the registered protected user identification in saidaccessed records; if the received user identification and corresponds tothe particular registered protected user identification in said accessedrecords, permitting the user device to access a particular websitecorresponding to an approved website identified in the records of saidparticular registered protected user.
 11. The apparatus of claim 10,wherein said instructions executable by said processor are furtherconfigured to: receive instructions to access a particular website;verify, from said accessed records and an identity of the particularwebsite, said particular website corresponds to an approved websiteidentified in the records of said particular registered protected user;and unblock user device access to the particular website in response toverifying said particular website corresponds to the approved website.12. The apparatus of claim 10, wherein said instructions executable bysaid processor are further configured to: verify, from said accessedrecords and an identity of the particular website, said particularwebsite does not correspond to an approved website identified in theaccessed records of said particular registered protected user; generatea prompt on said user device requesting an administrator to approve, forthe particular registered protected user, user device access to theparticular website; receive, from the user device, another useridentification, verify, from the received another user identificationand records, said another user identification corresponds toidentification in records of a particular registered administrator withauthorization to approve, for the particular registered protected user,user device access to the particular website; in response to saidverification, receive from the user device an input approving saidparticular website; and permit the user device access to the approvedparticular website.
 13. The apparatus of claim 10, wherein saidinstructions executable by said processor are further configured to:verify, from said accessed records and an identity of the particularwebsite, said particular website does not correspond to an approvedwebsite identified in the accessed records of said particular registeredprotected user; generate a prompt on said user device requesting anadministrator to approve, for the particular registered protected user,user device access to the particular website; receive, from the userdevice, another user identification, verify, from the received anotheruser identification and records of administrators, said received useridentification corresponds to a particular secondary administratoridentification in said records; verify the particular websitecorresponds to an approved website identified in records of theparticular registered secondary administrator; receive from the userdevice an input approving said verified particular website; and permitthe user device access to the verified particular website.
 14. Acomputer-readable medium for website access parental management, saidcomputer-readable medium embodying computer program code, said computerprogram code comprising computer executable instructions configured for:blocking a user device from accessing websites; receiving, in the userdevice, identification of a user; accessing, in memory, records of atleast one registered protected user; comparing the received useridentification to registered protected user identification in saidaccessed records; blocking the user device website access if saidreceived user identification does not correspond to a registeredprotected user identification in said accessed records; and permittingthe user device to access at least one website corresponding to at leastone approved website identified in accessed records of a particularregistered protected user if the received user identification andcorresponds to the particular registered protected user identificationin said accessed records.
 15. The medium of claim 14, said computerprogram code further comprising computer executable instructionsconfigured for: in response to receiving an instruction to access aparticular website; verifying, from said accessed records and anidentity of the particular website, said particular website correspondsto an approved website identified in the accessed records of saidparticular registered protected user; and permitting the user deviceaccess to the particular website corresponding to the approved website.16. The medium of claim 14, said computer program code furthercomprising computer executable instructions further configured for: inresponse to receiving an instruction to access a particular website;verifying, from said accessed records and an identity of the particularwebsite, said particular website does not correspond to an approvedwebsite identified in the accessed records of said particular registeredprotected user; generating a prompt on said user device requesting anadministrator to approve, for the particular registered protected user,user device access to the particular website; receiving, in the userdevice, another user identification, verifying, from the receivedanother user identification and administrator records, said another useridentification corresponds to identification of a particular registeredadministrator with authorization to approve, for the particularregistered protected user, user device access to the particular website;and in response to verifying said another user identificationcorresponds to identification of said particular registeredadministrator, permitting the user device access to the particularwebsite in response to receiving in said user device an input approvingsaid particular website.
 17. The medium of claim 16, said computerprogram code further comprising computer executable instructions furtherconfigured for: wherein verifying said another user identificationcorresponds to identification in said records of said particularregistered administrator includes: verifying said registered protecteduser records and/or administrator records include a protected userspecific authorization for said particular secondary administrator tomanage said particular registered protected user; and verifying theparticular website corresponds to an approved website identified in saidrecords of the particular registered secondary administrator.
 18. Themedium of claim 16, wherein said computer program code furthercomprising computer executable instructions further configured for: inresponse to receiving said user device approval input, modifying inmemory the accessed records of said registered protected user to includethe identity of the particular website as an approved website that theregistered protected user is permitted to access.